Overview:

Exposes hidden risks

Sophos XG Firewall provides unprecedented visibility into top risk users, unknown apps, advanced threats, suspicious payloads and much more. You also get rich on-box reporting included at no extra charge and the option to add Sophos iView for centralized reporting across multiple firewalls.

Automatically responds to incidents

XG Firewall is the only network security solution that is able to fully identify the source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall.

Simply manage multiple firewalls

Sophos Central is the ultimate cloud-management platform - for all your Sophos products. It makes day-to-day setup, monitoring, and management of your XG Firewall easy. It also provides helpful features such as alerting, backup management, one-click firmware updates and rapid provisioning of new firewalls. Optionally, Sophos Firewall Manager (SFM) provides powerful multi-device management tools for easy provisioning of consistent policies across your entire estate. And if you also want to consolidate reporting across multiple XG, SG, and Cyberoam appliances you can easily do that with Sophos iView.

Security features you can't get anywhere else

XG Firewall includes a number of innovations that not only make your job a lot easier, but also ensure your network is more secure.

Synchronized Security

An industry first, Synchronized Security links your endpoints and your firewall to enable unique insights and coordination. Security Heartbeat™ relays Endpoint health status and enables your firewall to immediately identify and respond to a compromised system on your network. The firewall can isolate systems until they can be investigated and cleaned up. Another Synchronized Security feature, Synchronized App Control, also enables the firewall to query the endpoint to determine the source of unknown traffic on the network.

Unified Firewall Rules

User identity takes enforcement to a whole new layer with our identity based policy technology enabling user level controls over applications, bandwidth and other network resources regardless of IP-address, location, network or device. It literally takes firewall policy to a whole new layer.

A Firewall That Thinks Like You

Pre-defined policy templates let you protect common applications like Microsoft Exchange or SharePoint quickly and easily. Simply select them from a list, provide some basic information and the template takes care of the rest. It sets all the inbound/outbound firewall rules and security settings for you automatically - displaying the final policy in a statement in plain English.

Insights into Top Risk Users

The Sophos User Threat Quotient (UTQ) indicator is a unique feature which provides actionable intelligence on user behavior. Our firewall correlates each user's surfing habits and activity with advanced threat triggers and history to identify users with risk-prone behavior.

Flexible deployment, no compromise

Unlike our competitors, whether you choose hardware, software, virtual or Microsoft Azure, we don't make you compromise - every feature is available on every model and form-factor.

What's New:

XG Firewall joins Sophos Central

We're pleased to announce that the early access program (EAP) for XG Firewall management through Sophos Central is now available for you to take a test drive.

As you probably know, Sophos Central is the ultimate cloud-management platform for all of your Sophos products, and it now includes XG Firewall. It makes day-to-day setup, monitoring, and management of your network protection easy. You can quickly and easily add all your XG Firewalls into Sophos Central, giving you secure access to your entire estate from anywhere.

With XG Firewall joining Sophos Central, you can now manage all your Sophos Synchronized Security products from a single cloud console. Intercept X and the rest of the Sophos suite of protection are all there, at your fingertips: mobile, email, wireless, and more.

How to get started in three easy steps:

First, you'll need a Sophos Central account if you don't already have one. Head on over to cloud.sophos.com to create a trial account or login, and while you're there, enroll in the Early Access Program by clicking your account in the upper right corner of the console.

Next, login into your firewall and add your Sophos Central credentials to the Central Synchronization screen and select the option to Manage from Sophos Central.

XG Firewall v17.5 is now available

XG Firewall v17.5 is now available, bringing new Synchronized Security features, options for education institutions and more of your top requested features.

The rise in targeted ransomware and other active adversary attacks makes rapid identification and response critical to contain these threats and prevent them from moving laterally across your network.

Lateral Movement Protection, a new Synchronized Security feature, builds on the success of Security Heartbeat™ in providing an automated response to the presence of a threat. It not only isolates the compromised system from accessing network resources at the firewall, but also now enlists the aid of all healthy endpoints on the network to synchronize a defense.

All healthy Sophos endpoints will isolate any compromised system, providing isolation at the endpoint level, and preventing any threat from moving laterally - even on the same broadcast domain or network segment.

We will be diving into this and other Synchronized Security features in more detail in the days ahead.

In addition to Lateral Movement Protection, there's a variety of new features focused on protection, flexibility, networking and management.

What's new in XG Firewall v17.5

Here's a quick overview of the key new features in v17.5:

Synchronized Security - lateral movement protection - extends our Security Heartbeat™ automated threat isolation to prevent any threat from moving laterally or spreading across the network, even on the same subnet. The firewall instructs all healthy endpoints to completely isolate any unhealthy endpoints.

Synchronized User ID - utilizes Security Heartbeat™ to greatly streamline authentication for user-based policy enforcement and reporting in any Active Domain network by eliminating the need for any kind of server or client agent.

Education features - such as per-user policy-based control over SafeSearch and YouTube restrictions, teacher enabled block-page overrides, and Chromebook authentication support.

Email features - adds Sender Policy Framework (SPF) anti-spoofing protection and a new MTA based on Exim, which closes a couple of top requested feature differences with SG Firewall.

High performance transparent proxy

Optimized for top performance, our transparent proxy technology provides ultra-low latency inspection and HTTPS scanning of all traffic for threats and compliance.

Application Control and QoS

Enables user-aware visibility and control over thousands of applications with granular policy and traffic-shaping (QoS) options based on application category, risk, and other characteristics. Synchronized Application Control automatically identifies all the unknown, evasive, and custom application on your network.

Sandstorm Protection

Your best protection against zero-day threats.

The Best Zero-Day Protection

Sophos Sandstorm utilizes the best technology from our leading Intercept X next-gen endpoint protection like exploit prevention and CryptoGuard Protection to identify even previously unseen malware exploits and ransomware before they get on your network.

Business Application Policy Templates

Protection from the latest hacks and attacks

With a variety of advanced protection technologies including URL and form hardening, deep-linking and directory traversal prevention, SQL injection and cross-site scripting protection, cookie signing and more.

Reverse proxy

With authentication options, SSL offloading, and server load balancing ensure maximum protection and performance for your servers being accessed from the internet.

How to Buy:

Every XG Firewall comes equipped with Base Firewall functionality including IPSec, SSL VPN, and Wireless Protection. You can extend protection with our bundles or by adding protection modules individually.

Sophos XG Firewall Value Bundles

For the ultimate in protection, value, and peace-of-mind, get one of our convenient Value Bundles.

Synchronized Security:

Sophos XG Firewall is the only network security solution that is able to fully identify the user and source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall, and integrates endpoint health into firewall rules to control access and isolate compromised systems.

The good news is, this all happens automatically, and is successfully helping numerous businesses and organizations to save time and money in protecting their environments today.

Synchronized Application Control

Using Security Heartbeat we can do much more than just see the health status of an endpoint. We also have a solution to one of the biggest problems most network administrators face today - lack of visibility into network traffic.

Synchronized Application Control automatically identifies, classifies and controls encrypted, custom, evasive, and generic HTTP or HTTPS applications which are currently going unidentified.

Lateral Movement Protection

Lateral Movement Protection automatically isolates compromised systems at every point in the network to stop attacks dead in their tracks. Healthy endpoints assist by ignoring all traffic from unhealthy endpoints, enabling complete isolation, even on the same network segment, to prevent threats and active adversaries from spreading or stealing data.

Synchronized User ID

User authentication is critically important in a nextgeneration firewall but often challenging to implement in a seamless and transparent way. Synchronized User ID eliminates the need for client or server authentication agents by sharing user identity between the endpoint and the firewall through Security Heartbeat™. It's just another great benefit of having your firewall and endpoints integrated and sharing information.

Sophos XG Series Appliances - at a glance:

Our XG Series hardware appliances are purpose-built with the latest multi-core Intel technology, generous RAM provisioning, and solid-state storage. Whether you're protecting a small business or a large datacenter, you're getting industry leading performance.

Product Matrix

Model

Tech. Specs

Throughput¹

Revision #

Form Factor

Ports/Slots (Max Ports)

w-model 802.11 wireless

Swappable Components

Firewall (Mbps)

VPN (Mbps)

NGFW (Mbps)

AV-proxy (Mbps)

XG 86(w)

1

desktop

4

a/b/g/n/ac

n/a

3,000

225

310

360

XG 106(w)

1

desktop

4

a/b/g/n/ac

opt. ext. Power

3,500

360

480

450

XG 115(w)

3

desktop

4

a/b/g/n/ac

opt. ext. Power

4,000

490

1,000

600

XG 125(w)

3

desktop

9/1 (9)

a/b/g/n/ac

opt. ext. Power, 3G/4G

6,500

700

1,100

700

XG 135(w)

3

desktop

9/1 (9)

a/b/g/n/ac

opt. ext. Power, 3G/4G, Wi-Fi*

8,000

1,180

1,200

1,580

XG 210

3

1U

8/1 (16)

n/a

opt. ext. Power

16,000

1,450

2,200

2,300

XG 230

2

1U

8/1 (16)

n/a

opt. ext. Power

20,000

1,700

3,000

2,800

XG 310

2

1U

12/1 (20)

n/a

opt. ext. Power

28,000

2,750

4,000

3,300

XG 330

2

1U

12/1 (20)

n/a

opt. ext. Power

33,000

3,200

5,500

6,000

XG 430

2

1U

10/2 (26)

n/a

opt. ext. Power

41,000

4,800

6,000

6,500

XG 450

2

1U

10/2 (26)

n/a

opt. int. Power

50,000

5,500

7,500

7,000

XG 550

2

2U

8/4 (32)

n/a

Power, SSD, Fan

65,000

8,400

9,000

10,000

XG 650

2

2U

8/6 (48)

n/a

Power, SSD, Fan

85,000

9,000

10,000

13,000

XG 750

2

2U

8/8 (64)

n/a

Power, SSD, Fan

100,000

11,000

11,800

17,000

* 2nd Wi-Fi module option on 135w only (requires XG v17 MR6)

A simple approach to comprehensive support

We build products that are simple yet comprehensive. And, we take the same approach with our support. With options ranging from basic technical support to those including direct access to senior support engineers and customized delivery.

Licenses names

StandardIncluded with purchase

EnhancedIncluded in all bundles

Enhanced Plus

Support
Via telephone and email

For 90 days
(business hours only)

Included
(24x7)

VIP Access
(24x7)

Security Updates & Patches
For the life of the product

Included with an active software subscription

Included with an active software subscription

Included with an active software subscription

Software Feature Updates & Upgrades

Included 90-days

Included

Included

Consulting
Remote consultation on your firewall configuration and security with a Sophos Senior Technical Support Engineer

Included
(up to 4 hours)

Warranty and RMA
For all hardware appliances

1 year (return / replace)

Advance Exchange
(max. 5 years)

Advance Exchange
(max. 5 years)

Technical Account Manager
Dedicated named technical account manager

Optional
(extra cost)

Optional
(extra cost)

XG 550, XG 650 Specifications:

The Sophos XG 550 and XG 650 are high-performance firewalls equipped to provide protection for larger distributed and growing organizations. They offer CPU technology to effortlessly handle use as an all-in-one solution or a powerful nextgeneration firewall. The models offer either 4 (XG 550) or 6 (XG 650) FleXi Port expansion bays to tailor your connectivity to your environment. An 8 port GbE copper module is supplied as a default. Hot-swappable dual SSDs and power supplies are standard redundancy features in this class.